Computers are valuable tools in large part for their ability to communicate with other computer systems and retrieve information over computer networks. Networks typically comprise an interconnected group of computers, linked by wire, fiber optic, radio, or other data transmission means, that can transfer information from computer to computer. The Internet is perhaps the best-known computer network, and enables millions of people to access millions of other computers, for example by viewing web pages, sending e-mail, or performing other computer-to-computer communication.
Because the Internet is so large and its users so diverse in their interests, it is not uncommon for malicious users or criminals to attempt to communicate with other users' computers in a manner that poses a danger to those users. For example, a hacker may attempt to log in to a corporate computer to steal, delete, or change information. Computer viruses or Trojan horse programs may be distributed to other computers, or unknowingly downloaded or executed by large numbers of computer users. Further, mass spam emails or emails carrying malicious content may be sent across the network, often from "zombie" computers taken over via Trojans or other malware.
For these and other reasons, many computer systems employ a variety of safeguards designed to protect computer systems against certain threats. Firewalls are designed to restrict the types of communication that can occur over a network, antivirus programs are designed to prevent malicious code from being loaded or executed on a computer system, and malware detection programs are designed to detect remailers, keystroke loggers, and other software that is designed to perform undesired operations such as stealing information from a computer or using the computer for unintended purposes. Similarly, email that can be recognized as spam or as malicious is often quarantined before it reaches a user's inbox, helping reduce the impact of undesirable email on the user.
Many such protective systems use signatures of known threats to detect and control the threat. For example, antivirus software typically uses a large library of signatures comprising code segments or other identifying information to scan storage such as hard drives and to scan executing programs, removing offending code from the computer system before it can cause damage. Email spam filters similarly search for common terms within the email that suggest it may be spam, and quarantine the message rather than deliver it.
Detection of new threats, such as email designed to evade spam filters or newly written viruses, remains a challenge. Because undesirable email and other forms of undesirable network content are constantly being developed, and are often deliberately configured to avoid detection, efficient and accurate detection of these threats is an ongoing problem.
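As an added illustration of the two signature-based mechanisms described above (a byte-pattern scanner for stored or executing code, and a term-matching spam filter) and of the evasion problem that follows, here is a small Python example. It is not code from the original text; the signature library, the spam term list, and every sample input are constructed for this example. The EICAR string is the industry-standard harmless antivirus test pattern; the second signature is an invented byte sequence.

```python
"""Minimal signature-based scanning: byte-pattern signatures for content,
and weighted term matching for email. All signatures and inputs are
constructed for illustration."""
import io
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # byte sequence that identifies a known threat


# Constructed signature library. EICAR is the standard harmless test file;
# "Demo.Dropper.A" is a made-up pattern for this example.
SIGNATURES = (
    Signature(
        "EICAR-Test-File",
        b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    ),
    Signature("Demo.Dropper.A", bytes.fromhex("deadbeefcafef00d")),
)


def scan_bytes(data: bytes, signatures=SIGNATURES) -> list:
    """Return the names of all signatures whose pattern occurs in data."""
    return [s.name for s in signatures if s.pattern in data]


def scan_stream(stream, signatures=SIGNATURES, chunk_size: int = 4096) -> list:
    """Scan a file-like object chunk by chunk.

    An overlap of (longest pattern - 1) bytes is carried between chunks so a
    signature that straddles a chunk boundary is not missed; a scanner that
    forgets this has a blind spot at every boundary."""
    overlap = max(len(s.pattern) for s in signatures) - 1
    hits = set()
    tail = b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        hits.update(scan_bytes(buf, signatures))
        tail = buf[-overlap:] if overlap > 0 else b""
    return sorted(hits)


def demo_boundary_scan() -> list:
    """Constructed input: the 8-byte dropper pattern starts at offset 4090,
    so it crosses the 4096-byte chunk boundary."""
    data = b"A" * 4090 + bytes.fromhex("deadbeefcafef00d") + b"B" * 100
    return scan_stream(io.BytesIO(data), chunk_size=4096)


# Constructed spam term list with weights; a message scoring at or above
# the threshold is quarantined rather than delivered.
SPAM_TERMS = {"free money": 3, "act now": 2, "winner": 2, "click here": 1}


def spam_score(message: str, terms=SPAM_TERMS, normalized: bool = True) -> int:
    """Sum the weights of spam terms present in the message.

    With normalized=False the match is a plain lowercase substring test,
    which trivially misses padded or punctuated spellings. With
    normalized=True all non-letters are stripped first, so
    'F R E E  M-O-N-E-Y' still matches the term 'free money'."""
    text = message.lower()
    if normalized:
        text = re.sub(r"[^a-z]", "", text)
        return sum(w for t, w in terms.items() if t.replace(" ", "") in text)
    return sum(w for t, w in terms.items() if t in text)


def classify_email(message: str, threshold: int = 3) -> str:
    return "quarantine" if spam_score(message) >= threshold else "deliver"


if __name__ == "__main__":
    print(scan_bytes(b"prefix" + SIGNATURES[0].pattern + b"suffix"))
    print(demo_boundary_scan())
    evasive = "F R E E  M-O-N-E-Y!! A.c.t n.o.w"
    print(spam_score(evasive, normalized=False), spam_score(evasive))
    print(classify_email("Meeting moved to 3pm"), classify_email(evasive))
```

The normalized matcher closes one simple evasion but introduces its own trade-off: stripping spaces means "act now" also matches inside text such as "contact now", so term weights and the quarantine threshold have to be tuned against false positives. That tension, and the fact that a signature library can only ever describe threats already seen, is the gap the closing paragraph points to.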